How to bind to DC depending on site


Net Coder

I'm trying to bind to DC by site. The environment is an AD 2K3 domain with
multiple sites.

For example, when my application is started, it checks for the site of the
computer where the application is running. Then, it looks for a DC in the
site and then all DirectorySearcher and DirectoryEntry operations will use a
binding string aimed at that DC on the site.

If the DC is not available, then a default server, the PDC emulator, is used.

How would I code in VB .Net the following:

1) Determine which site the current PC running my application is in.
2) Determine which domain controllers are in the site.
3) Bind directly to the domain controller on the site using
DirectoryServices.DirectoryEntry or DirectoryServices.DirectorySearcher

It's just that I don't trust the automatic DC selection when performing
directory operations.
 
NC,
Why don't you trust "automatic DC selection"? When a user initializes a
logon, a DC in his/her site should answer the request and allow them access;
that DC's name will be stored in the %LOGONSERVER% variable. Any subsequent
request should go to this DC first, which is what you want to do, right?
Jared
 
Jared said:
NC,
Why don't you trust "automatic DC selection"? When a user initializes a
logon, a DC in his/her site should answer the request and allow them access;
that DC's name will be stored in the %LOGONSERVER% variable. Any subsequent
request should go to this DC first, which is what you want to do, right?
Jared

Well, yes I want to bind to a DC on the site and have it guaranteed that I
always use the DC on the site for all AD queries. You see, my application
creates user accounts and then uses the information in the user account,
like the SID, immediately. With replication lag, and if the wrong DC on the
site is selected, the user account will not be on the DC which is being queried.

For example, if you create a user account on a DC and then try to create a
share immediately on another server and adjust the ACL on the share to
contain an ACE with the new user's SID, you might find that the lookup uses
a different DC on the site leading to the failure to create the share.
 
Net said:
I'm trying to bind to DC by site. The environment is an AD 2K3 domain
with multiple sites.

For example, when my application is started, it checks for the site of
the computer where the application is running. Then, it looks for a DC
in the site and then all DirectorySearcher and DirectoryEntry operations
will use a binding string aimed at that DC on the site.

If the DC is not available, then a default server, the PDC emulator, is
used.

How would I code in VB .Net the following:

1) Determine which site the current PC running my application is in.
2) Determine which domain controllers are in the site.
3) Bind directly to the domain controller on the site using
DirectoryServices.DirectoryEntry or DirectoryServices.DirectorySearcher

It's just that I don't trust the automatic DC selection when performing
directory operations.
Hi

Steps 1) and 2) with a VBScript:


'--------------------8<----------------------

' Get sitename of current computer
sSiteName = CreateObject("ADSystemInfo").SiteName

' Find domain controller in this site
' (despite the variable names, this binds to the site's Servers container)
Set oRootDSE = GetObject("LDAP://RootDSE")
Set oSubnetsCont = _
    GetObject("LDAP://cn=Servers,cn=" & sSiteName & ",cn=sites," _
        & oRootDSE.Get("configurationNamingContext"))

' Enumerate only objects of class "server"
oSubnetsCont.Filter = Array("server")
sServerName = "" ' Init value
For Each oSubnet In oSubnetsCont
    sServerName = oSubnet.Get("cn")
    Exit For ' exit loop after first find
Next

If sServerName = "" Then
    WScript.Echo "No server is defined in this site"
Else
    WScript.Echo "Server defined in this site: " & sServerName
End If
'--------------------8<----------------------
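
Added example, not part of any post in this thread: all three steps from the question in VB .NET, using System.DirectoryServices.ActiveDirectory (.NET 2.0 or later) to pick one reachable DC in the computer's site, fall back to the PDC emulator, and send every later bind through that same server. The helper names `BindTo` and `PickDomainController` and the account name `newuser` are assumptions made for illustration.

```vbnet
Imports System
Imports System.DirectoryServices
Imports System.DirectoryServices.ActiveDirectory
Imports System.Runtime.InteropServices

Module PinnedDcExample
    ' Authenticated, signed and sealed binds; ServerBind because the path names a server.
    Const BindFlags As AuthenticationTypes = AuthenticationTypes.Secure Or
        AuthenticationTypes.Signing Or AuthenticationTypes.Sealing Or AuthenticationTypes.ServerBind

    ' Hypothetical helper: bind to a DN on one named DC. NativeObject forces the bind,
    ' so an unreachable server fails here and not on first use.
    Function BindTo(server As String, dn As String) As DirectoryEntry
        Dim entry As New DirectoryEntry("LDAP://" & server & "/" & dn, Nothing, Nothing, BindFlags)
        Dim native As Object = entry.NativeObject
        Return entry
    End Function

    ' Steps 1 and 2: first DC in the computer's site that answers, otherwise the PDC emulator.
    Function PickDomainController() As String
        Dim dom As Domain = Domain.GetComputerDomain()
        Try
            Dim site As ActiveDirectorySite = ActiveDirectorySite.GetComputerSite()
            For Each dc As DomainController In dom.FindAllDomainControllers(site.Name)
                Try
                    BindTo(dc.Name, "RootDSE").Dispose()
                    Return dc.Name
                Catch ex As COMException
                    ' This DC did not answer; try the next one in the site.
                End Try
            Next
        Catch ex As ActiveDirectoryObjectNotFoundException
            ' The computer is not mapped to a site; use the fallback below.
        End Try
        Return dom.PdcRoleOwner.Name
    End Function

    Sub Main()
        ' Step 3: choose once at startup, then route every operation through BindTo.
        Dim server As String = PickDomainController()
        Dim domainDn As String
        Using rootDse As DirectoryEntry = BindTo(server, "RootDSE")
            domainDn = CStr(rootDse.Properties("defaultNamingContext").Value)
        End Using
        ' "newuser" is a constructed account name for the sample search.
        Using root As DirectoryEntry = BindTo(server, domainDn),
              searcher As New DirectorySearcher(root, "(sAMAccountName=newuser)")
            Dim hit As SearchResult = searcher.FindOne()
            Console.WriteLine("{0}: {1}", server, If(hit Is Nothing, "not found", hit.Path))
        End Using
    End Sub
End Module
```

Only the LDAP binds this application makes are pinned this way; a name-to-SID lookup performed by another machine, such as the file server hosting the share, still uses that machine's own DC selection.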
 